[Freeipa-devel] [PATCH 0170] Detect and warn about invalid forwardzone configuration

Martin Basti mbasti at redhat.com
Thu Dec 11 15:50:56 UTC 2014


Updated patch attached:

diff with previous:

diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index f9d8321..7a80036 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -1735,7 +1735,7 @@ def _normalize_zone(zone):

  def _get_auth_zone_ldap(name):
      """
-    Find authoritative zone in LDAP for name
+    Find authoritative zone in LDAP for name. Only active zones are 
considered.
      :param name:
      :return: (zone, truncated)
      zone: authoritative zone, or None if authoritative zone is not in LDAP
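Review bot: The `:param name:` field in the `_get_auth_zone_ldap` docstring is still empty, and the same empty field remains in `_get_longest_match_ns_delegation_ldap` (the `@@ -1799` hunk). Since both docstrings are being edited anyway, I would fill it in, for example `:param name: absolute DNS name to look up (DNSName)`; the type is asserted for the second function but is only presumed for this one, so confirm it first. The new sentence "Only active zones are considered" describes the LDAP filter, which lies outside this hunk, so check it against the actual search filter.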
@@ -1781,10 +1781,10 @@ def _get_auth_zone_ldap(name):

  def _get_longest_match_ns_delegation_ldap(zone, name):
      """
-    Finds record in LDAP which has the longest match with name.
+    Searches for deepest delegation for name in LDAP zone.

-    NOTE: does not search in zone apex, returns None if there is no NS
-    delegation outside of zone apex
+    NOTE: NS record in zone apex is not considered as delegation.
+    It returns None if there is no delegation outside of zone apex.

      Example:
      zone: example.com.
@@ -1799,9 +1799,8 @@ def _get_longest_match_ns_delegation_ldap(zone, name):

      :param zone: zone name
      :param name:
-    :return: (record, truncated);
-    record: record name if success, or None if no such record exists, or
-    record is zone apex record
+    :return: (match, truncated);
+    match: delegation name if success, or None if no delegation record 
exists
      """
      assert isinstance(zone, DNSName)
      assert isinstance(name, DNSName)
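Review bot: The two `assert isinstance(...)` lines kept as context here are the only visible type guard on `zone` and `name`, and `assert` statements are dropped when Python runs with `-O`. If these values are later used to build the LDAP search (that code is outside the hunk, so this is inferred), an explicit check is safer: `if not isinstance(name, DNSName): raise TypeError("name must be DNSName")`, and the same for `zone`. The rest of the function body continues outside the hunk.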
@@ -1846,7 +1845,6 @@ def _get_longest_match_ns_delegation_ldap(zone, name):

      # test if entry contains NS records
      for entry in entries:
-        print entry
          if entry.get('nsrecord'):
              matched_records.append(entry.single_value['idnsname'])

@@ -3444,7 +3442,7 @@ class dnsrecord(LDAPObject):
      def warning_if_ns_change_cause_fwzone_ineffective(self, result, *keys,
                                                        **options):
          """Detect if NS record change can make forward zones 
ineffective due
-        missing delegation. Run after parent's execute method method.
+        missing delegation. Run after parent's execute method.
          """
          record_name_absolute = keys[-1]
          zone = keys[-2]
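Review bot: The docstring still reads "ineffective due missing delegation" after this fix; it should be `ineffective due to missing delegation`. It would also help to state that the method expects at least two positional keys, since `keys[-1]` and `keys[-2]` raise IndexError otherwise; a comment such as `# keys = (..., zone, record name)` above the two assignments would do. The method body continues outside the hunk.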

-- 
Martin Basti

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0170.5-Detect-and-warn-about-invalid-DNS-forward-zone-confi.patch
Type: text/x-patch
Size: 17035 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141211/8b0dd80a/attachment.bin>

